內容目錄
最新版本在:http://jangmt.com/wiki/index.php/Nginx
簡介
- Nginx是一款效能設計導向的HTTP伺服器
- ref:https://zh.wikipedia.org/wiki/Nginx
說明
- 環境 centos 6.4
- epel 套件庫 http://fedoraproject.org/wiki/EPEL
- SELINUX 預設啟動 enforcing
安裝 NIGNX 及移除 APACHE
- 可以移除原有的 httpd 及 php
yum remove httpd php
- 安裝 nginx + php-fpm 程式
[root@bk-mail html]# yum -y install nginx php-fpm Dependencies Resolved ================================================================================================================ Package Arch Version Repository Size ================================================================================================================ Installing: nginx x86_64 1.0.15-5.el6 epel 397 k php-fpm x86_64 5.3.3-22.el6 base 1.1 M Installing for dependencies: GeoIP x86_64 1.4.8-1.el6 epel 620 k gd x86_64 2.0.35-11.el6 base 142 k Transaction Summary ================================================================================================================ Install 4 Package(s) Total download size: 2.3 M Installed size: 6.3 M Downloading Packages: (1/4): GeoIP-1.4.8-1.el6.x86_64.rpm | 620 kB 00:01 (2/4): gd-2.0.35-11.el6.x86_64.rpm | 142 kB 00:00 (3/4): nginx-1.0.15-5.el6.x86_64.rpm | 397 kB 00:00 (4/4): php-fpm-5.3.3-22.el6.x86_64.rpm | 1.1 MB 00:00 ---------------------------------------------------------------------------------------------------------------- Total 657 kB/s | 2.3 MB 00:03
- 啟動及驗證 port
[root@bk-mail ~]# /etc/init.d/nginx restart 停止 nginx: [失败] 正在启动 nginx: [确定] [root@bk-mail ~]# /etc/init.d/php-fpm restart 停止 php-fpm: [失败] 正在启动 php-fpm: [确定] [root@bk-mail ~]# netstat -tlnup | grep nginx tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5174/nginx [root@bk-mail ~]# netstat -tlnup | grep php-fpm tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 5189/php-fpm
- 測試:http://localhost
設定開機啟動nginx及php-fpm
chkconfig nginx on chkconfig --level 234 nginx on chkconfig php-fpm on chkconfig --level 234 php-fpm on
PHP-FPM 可以工作
- 設定 PHP-fpm ,讓他可以和 nginx 協同工作,也就是說需要 PHP 時丟給 127.0.0.1:9000 去執行
# 以下這個設定檔是用原本 epel 的範本修改的 [root@bk-mail conf.d]# cat /etc/nginx/conf.d/default.conf # # The default server # server { listen 80 default_server; server_name _; #charset koi8-r; #access_log logs/host.access.log main; location / { root /usr/share/nginx/html; index index.html index.htm; } error_page 404 /404.html; location = /404.html { root /usr/share/nginx/html; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ \.php$ { # root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; } fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} }
- 設定的點在這一段,這段原本全部都是註解掉的,因為原本預設只支援 html 靜態網頁。
location ~ \.php$ { # 用系統預設的 /usr/share/nginx/html 目錄即可 # 請註解底下這一行,這是設定 nginx 的網頁 root 目錄的位置 #root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; # 請註解掉底下這一行,他的路徑寫的有問題 #fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # SCRIPT_FILENAME 指的是 php 的來源程式,套入到後面描述的 $fastcgi_script_name 資源 # 加入底下這一行,其中 $document_root 是一個變數,會將根目錄帶入底下這一行 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; }
- 重新啟動 nginx
[root@bk-mail conf.d]# /etc/init.d/nginx restart 停止 nginx: [确定] 正在启动 nginx: [确定]
- 測試 PHP 可以工作時間並給予一個時間結果 , nginx 的根目錄在 /usr/share/nginx/html/
[root@bk-mail html]# cat /usr/share/nginx/html/index.php <?php phpinfo(); ?>
- 可以顯示時間及 phpinfo() 資訊即是正確。
- 所以這種結果會準嗎?? 這值得討論....
NGINX NAMEBASE虛擬主機
- nginx 的虛擬主機設定
[root@bk-mail conf.d]# cat tonyhack.asuscomm.com.conf # the tonyhack.asuscomm.com server { #listen 80; server_name tonyhack.asuscomm.com; root /var/www/html; index index.html index.htm index.php; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } [root@bk-mail conf.d]# /etc/init.d/nginx restart 停止 nginx: [确定] 正在启动 nginx: [确定]
[root@bk-mail conf.d]# cat /var/www/html/index.php <?php phpinfo(); ?>
- 虛擬主機也可以綁定多域名,如下:
server { listen 80; server_name tonyhack.asuscomm.com tonyhack.net tonyhack.com tonyhack.org; index index.html index.htm index.php;
NGINX 的 SSL
- 設定檔
[root@bk-mail conf.d]# cat /etc/nginx/conf.d/tonyhack.asuscomm.com.conf # the tonyhack.asuscomm.com server { #listen 80; server_name tonyhack.asuscomm.com; listen 443; ssl on; ssl_certificate /etc/nginx/certs/server.crt; ssl_certificate_key /etc/nginx/certs/server.key; root /var/www/html; index index.html index.htm index.php; location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
- 產生憑證 in /etc/nginx/certs 目錄內 請自已加目錄certs
[root@bk-mail certs]# openssl genrsa -des3 -out server.key 1024 Generating RSA private key, 1024 bit long modulus ..........++++++ .....++++++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: [root@bk-mail certs]# openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:TW State or Province Name (full name) []:stnet253 Locality Name (eg, city) [Default City]:taiwan Organization Name (eg, company) [Default Company Ltd]:asuscomm Organizational Unit Name (eg, section) []:com Common Name (eg, your name or your server's hostname) []:tony Email Address []:[email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: [root@bk-mail certs]# cp server.key server.key.org [root@bk-mail certs]# openssl rsa -in server.key.org -out server.key Enter pass phrase for server.key.org: writing RSA key [root@bk-mail certs]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Signature ok subject=/C=TW/ST=stnet253/L=taiwan/O=asuscomm/OU=com/CN=tony/[email protected] Getting Private key
[root@bk-mail certs]# ls -ashl 总用量 24K 4.0K drwxr-xr-x. 2 root root 4.0K 6月 23 21:53 . 4.0K drwxr-xr-x. 4 root root 4.0K 6月 23 21:52 .. 4.0K -rw-r--r--. 1 root root 749 6月 23 21:53 server.crt 4.0K -rw-r--r--. 1 root root 631 6月 23 21:53 server.csr 4.0K -rw-r--r--. 1 root root 887 6月 23 21:53 server.key 4.0K -rw-r--r--. 1 root root 963 6月 23 21:53 server.key.org [root@bk-mail certs]#
- 重新啟動及測試
[root@bk-mail certs]# /etc/init.d/nginx restart 停止 nginx: [确定] 正在启动 nginx: [确定] [root@bk-mail certs]# netstat -tlnup | grep nginx tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5771/nginx tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5771/nginx [root@bk-mail certs]#
- 測試 nginx ssl ,使用 firefox https://localhost/
測試效能
- 測試工具: ab 指令
-
- ab使用範例:
- 要執行 100 次的 connection, 20 次的 concurrent (並行, 同時):
- 語法: ab -n 100 -c 20 http://localhost/abc.php
- 結果解釋:
-
- Time taken for tests: 總共執行花了多久的時間.(以上 100 次共多久)
- Requests per second: 每秒平均可以處理多少個 connection.
- 內容:index.php
[mtchang@c6 public_html]$ cat index.php /home/mtchang/public_html/index.php
- 內容:index.html
[mtchang@c6 public_html]$ cat index.html /home/mtchang/public_html
- 機器規格描述
[mtchang@c6 ~]$ cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 58 model name : Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz stepping : 9 cpu MHz : 1600.000 cache size : 6144 KB physical id : 0 siblings : 4 core id : 0 cpu cores : 4 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms bogomips : 6186.06 clflush size : 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management: [mtchang@c6 ~]$ free total used free shared buffers cached Mem: 3599640 1660092 1939548 0 183164 825952 -/+ buffers/cache: 650976 2948664 Swap: 4194296 0 4194296 [mtchang@c6 ~]$ sudo hdparm -tT /dev/sda5 /dev/sda5: Timing cached reads: 24092 MB in 2.00 seconds = 12065.08 MB/sec Timing buffered disk reads: 300 MB in 3.00 seconds = 99.94 MB/sec
- apache 的 ab 做壓力測試的狀況(靜態 html)
[root@lab html]# ab -n 10000 -c 10 http://c6.jangmt.com/index.html This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0 Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Copyright 2006 The Apache Software Foundation, http://www.apache.org/ Benchmarking c6.jangmt.com (be patient) Completed 1000 requests Completed 2000 requests Completed 3000 requests Completed 4000 requests Completed 5000 requests Completed 6000 requests Completed 7000 requests Completed 8000 requests Completed 9000 requests Finished 10000 requests Server Software: nginx/1.0.15 Server Hostname: c6.jangmt.com Server Port: 80 Document Path: /index.html Document Length: 3698 bytes Concurrency Level: 10 Time taken for tests: 3.654708 seconds Complete requests: 10000 Failed requests: 0 Write errors: 0 Total transferred: 39100212 bytes HTML transferred: 36980000 bytes Requests per second: 2736.20 [#/sec] (mean) Time per request: 3.655 [ms] (mean) Time per request: 0.365 [ms] (mean, across all concurrent requests) Transfer rate: 10447.62 [Kbytes/sec] received Connection Times (ms) min mean[+/-sd] median max Connect: 0 1 0.5 1 3 Processing: 0 1 1.0 2 4 Waiting: 0 1 0.5 1 3 Total: 1 3 0.4 3 6 Percentage of the requests served within a certain time (ms) 50% 3 66% 3 75% 3 80% 3 90% 3 95% 4 98% 4 99% 4 100% 6 (longest request)
- 用 apache 的 ab 做壓力測試的狀況(此範例為 php 的範例)底下是在沒有 fail 的狀況下的數據。
[root@lab html]# ab -n 10 -c 2 http://c6.jangmt.com/index.php This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0 Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Copyright 2006 The Apache Software Foundation, http://www.apache.org/ Benchmarking c6.jangmt.com (be patient).....done Server Software: nginx/1.0.15 Server Hostname: c6.jangmt.com Server Port: 80 Document Path: /index.php Document Length: 52564 bytes Concurrency Level: 2 Time taken for tests: 0.49866 seconds Complete requests: 10 Failed requests: 0 Write errors: 0 Total transferred: 527110 bytes HTML transferred: 525640 bytes Requests per second: 200.54 [#/sec] (mean) Time per request: 9.973 [ms] (mean) Time per request: 4.987 [ms] (mean, across all concurrent requests) Transfer rate: 10307.62 [Kbytes/sec] received Connection Times (ms) min mean[+/-sd] median max Connect: 0 0 0.6 0 1 Processing: 8 8 1.1 9 10 Waiting: 0 0 0.7 0 1 Total: 9 9 0.3 9 10 Percentage of the requests served within a certain time (ms) 50% 9 66% 9 75% 9 80% 9 90% 10 95% 10 98% 10 99% 10 100% 10 (longest request)
- 不太精準結論: nignx 有比較好,但是要趕上硬體的差異仍需要很努力....
參考網址:
http://jangmt.com/wiki/index.php/Main_Page
http://blog.jangmt.com/2013/04/centos-64-nginx-php-fpm-ssl-virtualhost.html